[German]Firefox users seem to have problems accessing Microsoft websites at the moment. A blog reader had already contacted me the other day. Now I read further reports on the Internet that this is not an isolated case, but probably affects more users.
Advertising
A first message from a reader
Already on 12.12.2021 Swiss blog reader Roland M. contacted me by mail and complained that he had problems with the Firefox browser and Microsoft websites. Here is his mail:
Hello Günter
I tried to access my Microsoft account with Nightly earlier. Can't, the following error message comes up:
"Error: secure connection failed.
An error occurred while connecting to account.microsoft.com. The OCSP response does not contain a status for the certificate being checked.
Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
The website cannot be displayed because the authenticity of the received data could not be verified.
Please contact the owner of the website to inform him about this problem."
It doesn't work with Firefox either.
But ooooooh wonder! With Edge it works.
Since I'm not an IT guy, I'm assuming that according to the error message, Microsoft is blocking Firefox and Nightly from logging into the MS account.
With Seamonkey it also does not work, has the same engine as Firefox and Nightly.
With the Brave browser based on Chromium it works.
I then launched my Firefox portable here on Windows 7 and briefly checked my Microsoft accounts for OneDrive, etc. There everything worked and I could not verify the error. But it was my fault, because the tested domains are not affected. I suspected some security solution as a troublemaker and did not pursue this further. Roland reported a day later that the error had suddenly resolved for him, it was working again.
I tried again with microsoft.com and immediately got the above error message. So there is something bad in stock. Roland just wrote me: "Sometimes it works! Really weird! You just have to click "try again" a few times.".
User entries in Microsoft Q&A
I just came across the current user entry Problem with Secure Connection at Microsoft Q&A via the error code MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING. There a user posted the following:
Advertising
Problem with Secure Connection
Hi
Using Firefox and am getting a lot of the error messages shown below. Sometimes it seems to last about 15 min and then I will get one session OK.
========================================
Secure Connection FailedAn error occurred during a connection to docs.microsoft.com. The OCSP response does not include a status for the certificate being verified.
Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING
1. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
2. Please contact the web site owners to inform them of this problem.
The problems are confirmed by other users. The Online Certificate Status Protocol (OCSP) allows browsers and other client-side applications to check whether an SSL certificate has been revoked instead of relying on traditional revocation lists. Something seems to be up, the requested certificate probably doesn't exist. One user has postet a workaround (see also below).
I became aware of the issue again because the colleagues at Bleeping Computer were able to verify the SSL certificate validation error when accessing Microsoft sites and confirm that Firefox has problems accessing microsoft.com. The colleagues write that it is related to the concept of OCSP stapling.
Furthermore, the people write that the problem is possibly caused with an 8 year old bug in Firefox or a missing feature for this problem. This is because Firefox does not yet recognize SHA-2 hashes (like SHA-256), in the CertID fields. However, the values contained in the received OCSP responses are hashed with SHA-256. Therefore, any certificate containing SHA-256 hashes, as opposed to the older SHA-1 hashes, is considered invalid, causing Firefox to close the connection to the website.
Bleeping Computer advises affected users to temporarily disable OCSP stapling in Firefox as a quick quick workaround to fix the connection issues. To do this, Firefox users need to type about:config in their address bar and press Enter. Then, the "Accept risk and continue" button is to be confirmed. After that, the following options:
- security.ssl.enable_ocsp_must_staple
- security.ssl.enable_ocsp_stapling
need to be changed from true to false. I just tested it – then access to Microsoft pages works again. I think the next Firefox updates (affects clones too) will fix the problem.
https://www.ghacks.net/2021/12/16/firefox-95-0-1-fixes-microsoft-com-connection-issues-and-other-bugs/
https://download-installer.cdn.mozilla.net/pub/firefox/releases/95.0.1/win32/en-US/Firefox%20Setup%2095.0.1.exe
https://download-installer.cdn.mozilla.net/pub/firefox/releases/95.0.1/win64/en-US/Firefox%20Setup%2095.0.1.exe
> https://www.neowin.net/news/firefox-9501/
apparently the problem also occurs in other Mozilla based browsers like Seamonkey as I also couldn't access the Microsoft site using Seamonkey AND Pale Moon (and even K-meleon).
Firefox 95.0.1 & 91.4.1 ESR versions seem to fix the problem as well with Palemoon 29.4.3:
https://www.palemoon.org/download.shtml